Trump administration officials “believe” that the White House Chief of Staff John Kelly’s personal cell phone was “compromised” while he was serving as Secretary of Homeland Security, several anonymous U.S. government sources told Politico on Oct. 5. Although the White House claimed the former Marine general only used a secure work phone for government business (which, well, lol), those sources said Kelly “turned his phone into White House tech support this summer complaining that it wasn’t working or updating software properly” — a period of time, officials fear, that “hackers or foreign governments may have had access” to sensitive data from Kelly’s time as one of the nation’s highest law enforcement officers, according to Politico.
Kelly’s phone incident isn’t the first time one of Trump’s beloved generals has had his communications compromised, and given months of tension between Trump’s coterie of West Wing loyalists and “Church Lady” (the nickname given to Kelly by some White House staffers), it would be easy to dismiss the report as internal jousting among batshit insane Trump sycophants. But there’s actually a more logical explanation: Despite the insane fever swamps that threaten to distort legitimate reports of Russian hacking during the 2016 election, the country’s army of hackers has targeted the cell phones of U.S. military personnel for years.
The day before news broke of Kelly’s compromised cell phone, the Wall Street Journal reported that Western officials believe the Russian military is aggressively exploiting the personal smartphones of troops and politicians from NATO-aligned member nations, from the lowly combat troops deployed to Europe’s Russian border this year to senior military and political officials. The goal of these electronic incursions, Western military sources told the Wall Street Journal, is “to gain operational information, gauge troop strength and intimidate soldiers.”
Russia’s electronic warfare capabilities have surged in recent years, from outfitting civilian cell phone towers and other civilian infrastructure with jamming devices to knock out incoming cruise missiles to disabling the electric grid for almost 250,000 Ukrainians amid increasing cyber weapon tests in the neighboring country. As recently as 2016, Russian GRU unit “Fancy Bear” used cell phone exploits to track the positions of Ukrainian D-30 towed howitzers that relied on an Android app for more efficient positioning. And in May 2017, Russia likely used Stingray communications intercept equipment — the equivalent of a “roving wiretap,” as TechDirt wrote — to send threatening messages to Ukrainian troops about how their commanders will “find your bodies when the snow melts.”
In recent months, Pentagon personnel deployed to NATO countries bordering Russia have experienced digital incursions first-hand. The Wall Street Journal described the experience of Lt. Col. Christopher L’Heureux, a 2nd Cavalry Regiment commander deployed to Poland to help train allied troops on their tactical response to a potential Russian invasion, who claimed he experienced a hack shortly after assuming command. As The War Zone points out, the Army’s Asymmetric Warfare Group updated its “Russian New Generation Warfare Handbook” in 2016, detailing the various electronic and cyber warfare capabilities that have been developed and now face U.S. military personnel operating near Russia, including activities that closely resemble the experience of Ukrainian troops this past May.
So how did Russia-associated hackers go from targeting Army riflemen downrange to someone of Kelly’s stature? There’s an implicit assumption that the better the location of your office in the Pentagon’s E-ring or at the State Department, the more secure your communications are. But if Hillary Clinton should have known better about using a private internet server during her time as Secretary of State, and while Trump administration officials can claim ignorance over their own missteps, it’s clear that Kelly, a career military man, should have known better when his phone started acting up back in December 2016.
But why can’t DARPA or another agency whip up a specially designed secure smartphone like the one President Obama used to enjoy? Engineering a completely secure device like the spy-proof “blackphone” proposed by former Navy SEAL Mike Janke in March 2015 is a deeply flawed proposition. A 2009 DoD effort to engineer an encrypted mobile device cost more than $36 million over five years; according to Larson, “by the time it was ready for use, the carriers had upgraded to 4G networks with which it was incompatible.” Not that compatibility would matter: An Army Capabilities Integration Center white paper published in 2016 found that not only do existing Pentagon policy and security constraints make developing a next-generation military smartphone cost-prohibitive, but, in the case of the Army, doing so would require “a radical change in how [the Department of Defense] and the Army protect its information from one of protecting the network to a philosophy” — a change the DoD simply doesn’t seem poised to embrace on a large scale.
The federal bureaucracy may move slowly, but the Army already has its ass in gear to address the issue, a contrast that may make Kelly’s hacking episode feel like a major violation to a retired Marine general who frequently patrols the perimeter of the White House. At least the Washington Post didn’t publish his phone number.